One in three large businesses are stockpiling more than 30 bitcoins, worth over £50,000, according to a recent report, but should all businesses do the same? Sooraj Shah investigates.
The rise of the cryptocurrency bitcoin has been staggering. Just a few days ago it traded above $3,000 for the first time – more than tripling in value since trading at $988 on December 31. This was a currency that was worth less than a cent in 2010, and only made parity with the US dollar in 2011.
During this rise, however, there has also been a rise in cyber-attacks – most notably ransomware that requests bitcoin for payment; the most famous of which was last month’s WannaCry campaign that struck the NHS as well as other huge corporations.
With ransomware reaching record levels and bitcoin’s increasing value, is it time for CFOs and finance directors to ensure they have bitcoin in-house, both to tackle ransomware and for investment purposes?
One piece of research, commissioned by Citrix, which quizzed 500 IT decision makers in companies with 250 or more employees; it found that more UK companies were building a ready stockpile of digital currency, including bitcoin, in case of a ransomware attack – rising from 33% in 2016 to 42% now.
In fact, large UK businesses were stockpiling an average of 23 bitcoins– providing them with about £50,000 in cryptocurrency in preparation.
But as security expert Graham Cluley told AccountingWEB, it’s more important to “invest in a secure backup strategy before the ransomware strikes”.
Chris Mayers, chief security architect at Citrix echoed this view: “Prevention is better than cure. All organisations should be taking basic, simple measures to protect against ransomware; that includes keeping things up to date, making sure everything is patched, anti-virus is up to date and data is all backed up”.
organisations given conflicting advice”
But organisations are given a lot of conflicting advice: they’re told to be prepared for anything, while also having to understand that every business is likely to be hit by a cyber attack of some form at some point – and they should not pay up to criminals under any circumstances.
So it’s unsurprising that the decision to stockpile digital currency reflects a widespread attitude that paying a ransom may be necessary. Just one-fifth (22%) of businesses are not prepared to pay anything when struck with a ransomware attack – a reduction from 25% last year.
The Citrix research also found that small companies were more likely to keep a ready supply of cryptocurrency than larger businesses.
“Perhaps large businesses feel they’re in a better position to tackle this problem through other means like taking basic cyber hygiene, for example,” said Mayers.
Smaller businesses could be priced out
There is also the fact that as bitcoin’s value increases, smaller businesses could be priced out of obtaining the currency they need, so they’re stockpiling it now.
“There are going to be cases where business critical infrastructure has been compromised, and the simple value proposition is: pay less in bitcoin now or lose a tremendous amount of money, maybe the whole company,” suggested Dave Carlson, founder of Bitcoin mining start-up Giga Watt.
no guarantee a company will get their data back after paying the ransom"
However, bitcoin isn’t necessarily a cure. In fact, according to one report, nearly 25% of all malware attacks remained unresolved after the bitcoin payment was made. To make matters worse, it also gives criminals the wrong impression that businesses are happy to pay up.
“The main issue is that it only proliferates the success and commercial viability of the activity. Also, there is no absolute guarantee that a company will get their data back after paying off the ransom, or that criminals won’t attack,” said Mark Weir, regional director UK&I of Fortinet.
Bitcoin for business
While obtaining bitcoin specifically as an insurance policy for ransomware attacks may not be an idea financial advisers would encourage, bitcoin – or indeed other cryptocurrencies – could be a good investment nevertheless.
However, a CFO or finance director should do their homework before making any decision.
“The quantity of bitcoin you maintain should be equivalent with your needs and not for ransom paying,” Nicholas Evans, vice president and general manager at IT company Unisys told AccountingWEB. “Like with other investments, it needs to made with careful analysis of the market just like other commodities”.
Now or in the future, the business in question may have clients that want to be paid in bitcoin or wish to make payments in bitcoin, in which case it could be worth exploring.
However, cryptocurrencies require having the right systems in place, and understanding that exchange rates with cryptocurrencies are volatile, meaning that the firm in question could suffer a loss when converting the digital currency into standard currency.
Cryptocurrencies are encrypted but this doesn’t mean they are completely secure. A finance director or CFO should seek advice from a technical specialist who can help them understand what bitcoin could mean for their organisation.